Editing Udacity (section)

====AWS Project====
=====Create Admin User for AWS CLI=====
* [https://console.aws.amazon.com/iamv2/home?#/home IAM Dashboard] -> Add User
* [[File:AWS_Project1.PNG|400px]]
* [[File:AWS_Project2.PNG|400px]]
* no tags
* create user
* download CSV to <code>C:\Uwes\python\UdacityFullWebDeveloper\AWS\</code>
* [[File:AWS_Project3.PNG|400px]] this adds sections in <code>C:\Users\U1728\.aws\config</code> and <code>C:\Users\U1728\.aws\credentials</code>.
* check configuration by [[File:AWS_Project4.PNG|400px]]
* [https://s3.console.aws.amazon.com/s3/home?region=eu-central-1# S3 Dashboard] -> Create Bucket 'uweheuerudacity1'
* and by AWS CLI [[File:AWS_Project5.PNG|400px]]
* <code>PS C:\Users\U1728> aws s3api delete-bucket --bucket uweheuerudacity2 --profile aws_cli_profile</code>
=====Prepare the Project via AWS Console=====
* find out the AWS acount id
 aws sts get-caller-identity --profile aws_cli_profile
* create files <code>trust.json</code> and <code>iam-role-policy.json</code> in <code>C:\Uwes\python\UdacityFullWebDeveloper\AWS\</code> and run
 aws iam create-role --role-name UdacityFlaskDeployCBKubectlRole --assume-role-policy-document file://trust.json --output text --query 'Role.Arn' --profile aws_cli_profile
 aws iam put-role-policy --role-name UdacityFlaskDeployCBKubectlRole --policy-name eks-describe --policy-document file://iam-role-policy.json --profile aws_cli_profile
* create role in IAM dashboard [[File:AWS_Project6.PNG|400px]] -> Next
* [[File:AWS_Project7.PNG|400px]] -> Next
* [[File:AWS_Project8.PNG|400px]] -> Create Role
* attach AmazonEKSServicePolicy [[File:AWS_Project9.PNG|400px]]
* create role 'uweheuerEKSWorkerNode' with permissions 'AmazonEKSWorkerNodePolicy, AmazonEC2ContainerRegistryReadOnly, AmazonEKS_CNI_Policy'
* create SSH key pair 'uweheuerVMSSHPair' for the VMs by EC2 service -> Network & Security -> Key Pairs with ppk
* Create cluster by 'EKS -> Clusters -> Add Cluster -> Create' [[File:AWS_Project10.PNG|400px]]
* [[File:AWS_Project11.PNG|400px]]
* when the cluster is active add a node group [[File:AWS_Project12.PNG|400px]]
* [[File:AWS_Project13.PNG|400px]]
* [[File:AWS_Project14.PNG|400px]]
=====Prepare the Project via Command Line=====
* install [[EDTLaptop1#AWS_eksctl| eksctl]]
* test e.g. by
 eksctl get cluster
* kubectl is installed via [[EDTLaptop1#Docker|Docker]]
* create demo cluster
 eksctl create cluster --name eksctl-demo  [--profile <profile-name>]
* create a public Docker repository named 'simple-flask' via the Docker Hub web portal
* create a test flask application
 C:\Uwes\python\UdacityFullWebDeveloper\AWS\simple flask application> git clone https://github.com/udacity/FSND-Deploy-Flask-App-to-Kubernetes-Using-EKS
* start Docker
* build Docker image
 C:\Uwes\python\UdacityFullWebDeveloper\AWS\simple flask application\FSND-Deploy-Flask-App-to-Kubernetes-Using-EKS\examples\Deploy_Flask_App> docker build -t uweheuer/simple-flask .
* push the image to the repository
 C:\Uwes\python\UdacityFullWebDeveloper\AWS\simple flask application\FSND-Deploy-Flask-App-to-Kubernetes-Using-EKS\examples\Deploy_Flask_App> docker push uweheuer/simple-flask:latest
* create C:\Uwes\python\UdacityFullWebDeveloper\AWS\deployment.yml
* deploy the application to the cluster
  C:\Uwes\python\UdacityFullWebDeveloper\AWS> kubectl apply -f .\deployment.yml
* check it by 
 C:\Uwes\python\UdacityFullWebDeveloper\AWS> kubectl cluster-info
* clean up for the time being
 C:\Uwes\python\UdacityFullWebDeveloper\AWS> kubectl delete deployments/simple-flask-deployment
 C:\Uwes\python\UdacityFullWebDeveloper\AWS> eksctl delete cluster eksctl-demo

=====Final Project=====
======Resources======
* https://skysign.tistory.com/328
* https://giters.com/mahri-a/Full-Stack-Developer-Nanodegree
* https://githubhelp.com/jpsalado92

======Activities======
* login to Github and fork https://github.com/udacity/cd0157-Server-Deployment-and-Containerization
* get URL of repository [[File:AWS_Project15.PNG|400px]]
* clone repo
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject> git clone https://github.com/UweHeuer/cd0157-Server-Deployment-and-Containerization.git
* create a virtual environment
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> python -m venv venv
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> .\venv\Scripts\activate
 (venv) PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> pip install -r .\requirements.txt
 $env:JWT_SECRET = "myjwtsecret"
 $env:JWT_SECRET = "DEBUG"
* start the backend
 python main.py
* test from Powershell (replace token from the return of the first call)
 PS C:\Uwes\Programme\curl\curl-7.76.1-win64-mingw\bin>.\curl.exe --data "{\""email\"":\""abc@xyz.com\"",\""password\"":\""mypwd\""}" --header "Content-Type: application/json" -X POST localhost:8080/auth | jq -r ".token"
 PS C:\Uwes\Programme\curl\curl-7.76.1-win64-mingw\bin>.\curl.exe --request GET "http://localhost:8080/contents" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDU4MDkxMDIsIm5iZiI6MTY0NDU5OTUwMiwiZW1haWwiOiJhYmNAeHl6LmNvbSJ9.yuNDXFRHgterpUuvAqgILL4yrq4mLqaKOgWIB2vQFzQ" | jq .
* build Docker image
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> docker build -t myimage .
* run container on local port 81
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> docker run --name myContainer --env-file=.env_file -p 81:8080 myimage
* test it in browser http://localhost:81/
* and by docker commands
 docker container ls
 docker ps
 docker container stop <CONTAINER_ID>
 docker container rm <CONTAINER_ID>
* find out account data
 aws sts get-caller-identity
 {
    "UserId": "AIDA44LO4KKN3BXHFK4TO",
    "Account": "885532676763",
    "Arn": "arn:aws:iam::885532676763:user/Admin"
 }
* create an EKS cluster by
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> eksctl create cluster --name simple-jwt-api
 ... uses region us-west-2
* check by [https://us-west-2.console.aws.amazon.com/cloudformation/home?region=us-west-2#/ CloudFormation dashboard] -> Stacks or [https://us-west-2.console.aws.amazon.com/eks/home?region=us-west-2#/clusters EKS dashboard] -> Clusters or
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> kubectl get nodes
* role UdacityFlaskDeployCBKubectlRole will be used from [[Udacity#Prepare_the_Project_via_AWS_Console|preparation]]
* allowing the role to access the cluster
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> kubectl get -n kube-system configmap/aws-auth -o yaml > /temp/aws-auth-patch.yml
* copy the file to C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization
* edit the file and patch the clusters config map by the following command (the access to the patch file modified, because the command from the tutorial did not work)
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> kubectl patch configmap/aws-auth -n kube-system --patch-file .\aws-auth-patch.yml
* generate a GitHub Token by the GitHub web portal and store it in C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\MyInfos.txt
* edit C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization\ci-cd-codepipeline.cfn.yml
* create a stack by the file via the CloudFormation service dashboard -> Create Stack
* edit C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization\buildspec.yml with JWT_SECRET
* put the secret in the AWS Parameter Store by
 aws ssm put-parameter --name JWT_SECRET --overwrite --value "UwesSecret" --type SecureString
* add changes to git
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> git add .\Dockerfile
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> git add .\buildspec.yml
 PS C:\Uwes\python\UdacityFullWebDeveloper\AWS\FinalProject\cd0157-Server-Deployment-and-Containerization> git commit -m Update1
* get the url to connect to by
 kubectl get services simple-jwt-api -o wide
 NAME             TYPE           CLUSTER-IP       EXTERNAL-IP                                                              PORT(S)        AGE   SELECTOR
 simple-jwt-api   LoadBalancer   10.100.107.241   ab375b7c2eb4f47838c051bbe449c108-485277684.us-west-2.elb.amazonaws.com   80:31272/TCP   34m   app=simple-jwt-api
* test the encrpytion by
 PS C:\Uwes\Programme\curl\curl-7.76.1-win64-mingw\bin> .\curl.exe --data "{\""email\"":\""abc@xyz.com\"",\""password\"":\""mypwd\""}" --header "Content-Type: application/json" -X POST ab375b7c2eb4f47838c051bbe449c108-485277684.us-west-2.elb.amazonaws.com/auth | jq -r ".token"
* test decryption by using the output of the former command in
 .\curl.exe --request GET "ab375b7c2eb4f47838c051bbe449c108-485277684.us-west-2.elb.amazonaws.com/contents" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDYwNjg0MzQsIm5iZiI6MTY0NDg1ODgzNCwiZW1haWwiOiJhYmNAeHl6LmNvbSJ9.QYEEoTwZd4OS1FCSPf20e7b5xOjEUFcaEXHCVqLTGI4" | jq .

=====Issues=====
* AWS Portal screen shots out-dated
* description out-dated and not complete for Windows
* roles may not be deleted
* missing diagrams
* chocolately admin rights
* windows commands did not work (see patching the clusters config map)